Adobe on Thursday confirmed that malicious parties had compromised its networks and potentially gleaned credit card and other personal information from the accounts of nearly three million users.

The creative software company revealed the breach in a post to its official blog. Adobe's security team recently discovered a number of "sophisticated attacks" on its network, with some of those attacks targeting customer information and source code for several Adobe products.

In all, the attackers are believed to have stolen information on 2.9 million Adobe account holders. That data includes customer names, encrypted credit and debit card numbers, expiration dates, and other customer order information. Adobe does not believe that decrypted credit or debit card numbers were removed from the network.

Adobe has contacted federal law enforcement for help in the investigation and is resetting passwords for affected accounts in order to prevent further unauthorized access. Owners of affected Adobe ID accounts will receive an email notification from Adobe with information on how to change their passwords.

The company also recommends that account holders affected by the attack change their passwords on any website where they may have signed up with the same login credentials.

On its end, Adobe has spread news of the breach to banks that process its payments, and is coordinating with payment card companies and card-issuing institutions to help protect customers' accounts. In addition, the company is extending a free one-year credit monitoring membership to those customers whose information was compromised.

I love how when corporate sites get hacked they always say that the credit cards are encrypted so it should be fine. If the hackers were into your database they likely owned your whole server and surly would have found the encryption key. It is not like they are MD5 hashed because they need to decrypt them every time they show you the check out shopping cart page so you can use the card on record.

On our e-commerce site we don't store any credit cards, not even the last four digits. The last four get emailed to the client but not saved. The full credit card goes to the merchant gateway and we never see it. I feel a lot safer not being responsible for the customers' credit cards. All these big sites like Amazon, Apple, Adobe want to keep the cards on file to make it easier for people to buy stuff but it comes at a risk.

I do order a lot of things from the net, from a whole bunch of different sites, and I usually always check out as guest, it doesn't take long to do, and I feel safer, because I don't want to create a profile and I don't want my credit card info being stored. You simply can not trust most sites to keep your info secure.

As a matter of fact, I just remembered that Amazon has one of my cards on file, so I just went there and deleted it, took less than 1 minute. I don't mind entering my CC details again next time I shop for something. And imagine having all of your personal and financial info stored and managed by the incompetent baboons in the govt? I am so damn glad that I do not have to sign up for any govt healthcare crap. I was just reading today how it might be a haven for hackers. And with the incompetent people working there, I do not doubt it for a second. They can't even manage a simple website.

One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.

With these stupid "software-as-service-which-isn't-really-a-service-but-we-market-it-as-service-anyway-because-we-make-more-money-that-way" scams that are more and more popular, all the customer data gets hoarded by a few major vendors, and they are magnificent targets, particularly in the case of companies like Adobe which don't know how to write decent code in the first place.

(PS: No, deriving mathematical algorithms for image processing is not the same as knowing how to write decent code, Adobe knows the former, but not the latter).

One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.

So where did you buy that box of Final Cut Pro X or Aperture or iWork? Apple stores your card just like Adobe and they are not immune from being hacked either. Just last month the dev site was down for a couple weeks due to hacked user profiles which probably included credit card info. To address your rant on Adobe not knowing how to code, I'm sure you have built a billion dollar software enterprise which clearly legitimizes the validity of your remarks.

I usually always check out as guest, it doesn't take long to do, and I feel safer, because I don't want to create a profile and I don't want my credit card info being stored. You simply can not trust most sites to keep your info secure.

Guest accounts still create accounts. Even on big ecommerce platforms like magento. Unfortunately.

One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.

So where did you buy that box of Final Cut Pro X or Aperture or iWork? Apple stores your card just like Adobe and they are not immune from being hacked either. Just last month the dev site was down for a couple weeks due to hacked user profiles which probably included credit card info.

According to Apple it didn't. Nothing is absolutely secure, and nowhere do I state that I like Apple's data hoarding.

As a matter of fact, besides the forced single-source software store, one of the main reason why I dislike the fact that Apple locks legitimate users out of their own devices, is that it's impossible to discern if an iOS device is hacked or is running spyware, unless the user has root access, which currently is only possible by jail-breaking.

I like iOS devices to be non-jailbreakable (i.e. be secure), but with the legitimate user/owner having full root access, just like on any other decent computing system. Just because the device is small and pocketable doesn't mean it's not a computer or users shouldn't be able to rule the device they bought.

Quote:

To address your rant on Adobe not knowing how to code, I'm sure you have built a billion dollar software enterprise which clearly legitimizes the validity of your remarks.

That's the same sort of asinine comment that ignoramuses throw e.g. at art critics: one doesn't have to be a successful author to be a literary critic; one doesn't have to be a successful musician to be a good music critic. Further, sales do not indicate anything about quality of the product, only about the quality of the marketing, otherwise, McDonalds were the best food in the world.

If you need to know my credentials: I have a Sc.M. in Computer Science from an Ivy League school, and I have been working with OSX and it's predecessors ever since that little black cube called NeXT was at my disposal, which was in 1989 with NeXTSTEP 0.8.

Without even trying, I ranked 10th, 2nd and 1st in the three bug-busting contests NeXT made, and ADC guys knew me by name due to the number and quality of bug reports I used to submit. (I gave up on that when Apple switched to a web based reporting tool that is a waste of my time, so I lost interest, given that I'm not getting paid for doing Apple software QA)

So I think I know a thing or two about writing code, debugging, bug reporting, knowing the symptoms of badly written code, and eliciting bugs in software.

One prime example of shoddy Adobe code: just about all Adobe software stops functioning when installed on a case-sensitive file system (if the installer doesn't already crash trying to install the software on a case-sensitive volume), because the Adobe programmers are incapable of #define-ing file names in one central place and then referring to these resource names by means of the corresponding macros; heck they seem to be even incapable of running a global regex search-replace to fix the case on all occurrences of resource names. Instead they refer to resources all over their code in a variety of case spellings, which means the moment the software is on a case-sensitive file system, it breaks. This is a horrendous coding practice.

There are other examples, like e.g. their own invention (PS and PDF) being rendered more slowly and with higher resource usage by their bloated rendering engines than by the optimized 3rd party/"copycat" implementations, such as NeXT's DisplayPostScript (which NeXT licensed from Adobe and then heavily optimized and improved on in-house) or Apple's Quartz PDF rendering engine.

There are plenty of other examples, e.g. their plug-in architecture, their ridiculously scattered software resources, their brain-dead installers, their proprietary GUI they don't even manage to get consistent across their own Creative Suite in decades, their laggard status migrating away from Carbon, etc.
The only company that could compete in the bad code department was Macromedia (who brought as such wonders in code and resource "efficiency and elegance" as Flash), which Adobe bought up. Perfect match made in hell.

Never mind that minor feature upgrades and various "transitions" they owe Apple (OS 9 to OS X, PPC to intel, 32-bit to 64-bit) allowed them to each time milk customers for more than the upgrades were worth and now that they see the end of the gravy train, they just turn the whole pile into a subscription-only product. If they can't innovate in software, they innovate in milking customers...

According to Apple it didn't. Nothing is absolutely secure, and nowhere do I state that I like Apple's data hoarding.

Unlike you seem to be, I'm not a blind fanboy where Apple can do no wrong. As a matter of fact, besides the forced single-source software store, one of the main reason why I dislike the fact that Apple locks legitimate users out of their own devices, is that it's impossible to discern if an iOS device is hacked or is running spyware, unless the user has root access, which currently is only possible by jail-breaking.

I like iOS devices to be non-jailbreakable (i.e. be secure), but with the legitimate user/owner having full root access, just like on any other decent computing system. Just because the device is small and pocketable doesn't mean it's not a computer or users shouldn't be able to rule the device they bought.

That's the same sort of asinine comment that ignoramuses throw e.g. at art critics: one doesn't have to be a successful author to be a literary critic; one doesn't have to be a successful musician to be a good music critic. Further, sales do not indicate anything about quality of the product, only about the quality of the marketing, otherwise, McDonalds were the best food in the world.

If you need to know my credentials: I have a Sc.M. in Computer Science from an Ivy League school, and I have been working with OSX and it's predecessors ever since that little black cube called NeXT was at my disposal, which was in 1989 with NeXTSTEP 0.8.

Without even trying, I ranked 10th, 2nd and 1st in the three bug-busting contests NeXT made, and ADC guys knew me by name due to the number and quality of bug reports I used to submit. (I gave up on that when Apple switched to a web based reporting tool that is a waste of my time, so I lost interest, given that I'm not getting paid for doing Apple software QA)

So I think I know a thing or two about writing code, debugging, bug reporting, knowing the symptoms of badly written code, and eliciting bugs in software.

One prime example of shoddy Adobe code: just about all Adobe software stops functioning when installed on a case-sensitive file system (if the installer doesn't already crash trying to install the software on a case-sensitive volume), because the Adobe programmers are incapable of #define-ing file names in one central place and then referring to these resource names by means of the corresponding macros; heck they seem to be even incapable of running a global regex search-replace to fix the case on all occurrences of resource names. Instead they refer to resources all over their code in a variety of case spellings, which means the moment the software is on a case-sensitive file system, it breaks. This is a horrendous coding practice.

There are other examples, like e.g. their own invention (PS and PDF) being rendered more slowly and with higher resource usage by their bloated rendering engines than by the optimized 3rd party/"copycat" implementations, such as NeXT's DisplayPostScript (which NeXT licensed from Adobe and then heavily optimized and improved on in-house) or Apple's Quartz PDF rendering engine.

There are plenty of other examples, e.g. their plug-in architecture, their ridiculously scattered software resources, their brain-dead installers, their proprietary GUI they don't even manage to get consistent across their own Creative Suite in decades, their laggard status migrating away from Carbon, etc.
The only company that could compete in the bad code department was Macromedia (who brought as such wonders in code and resource "efficiency and elegance" as Flash), which Adobe bought up. Perfect match made in hell.

Never mind that minor feature upgrades and various "transitions" they owe Apple (OS 9 to OS X, PPC to intel, 32-bit to 64-bit) allowed them to each time milk customers for more than the upgrades were worth and now that they see the end of the gravy train, they just turn the whole pile into a subscription-only product. If they can't innovate in software, they innovate in milking customers...